Configuring a connection with the LDAP server
4 July 2024
ID 60930
To configure the connection of the application with an external directory service using the LDAP protocol:
- Export the Auth task settings to an XML file using the command:
  # /opt/kaspersky/klms/bin/klms-control --get-settings 1 -f <name of the settings file>
- Open the XML file for editing.
- Specify the preferred type of integration between the application and the external directory service via LDAP in the <integrationType> section: <LDAPGeneric> (for integration with LDAP) or <AD> (for integration with Active Directory).
- Depending on the type of integration, specify the values of the following settings in the <LDAPGeneric> or <AD> section:
  <host> – address of the server with the OpenLDAP or Active Directory service, depending on the type of integration selected in the <integrationType> section;
  <connectionType> – the type of connection to Active Directory or to the server with the OpenLDAP service: TLS, LDAP via SSL or without encryption;
  <port> – port of the server with the OpenLDAP or Active Directory service, depending on the type of connection selected in the <connectionType> section;
  <bindDn> – Administrator account;
  <password> – Administrator password;
  <searchBase> – Account search database.
  Example of the <AD> integration type parameters in use:
  <host><IP address></host>
  <port>389</port>
  <bindDn>user@companyname.com</bindDn>
  <password>123456</password>
  <searchBase>dc=companyname,dc=com</searchBase>
  Example of the <LDAPGeneric> integration type parameters in use:
  <host>IP address</host>
  <port>389</port>
  <bindDn>cn=admin,dc=site</bindDn>
  <password>123456</password>
  <searchBase>dc=site</searchBase>
- Specify the timeout for establishing a connection to the OpenLDAP or Active Directory service in the <netTimeoutInSeconds> section. If the server does not respond during the specified time, the "Can not contact LDAP server" result is returned.
- Save the changes made.
- Import the Auth task settings from an XML file using the command:
  # /opt/kaspersky/klms/bin/klms-control --set-settings 1 -f <name of the settings file>
We recommend using an unprivileged user account when configuring the application connection to an external directory service using LDAP.
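A pre-import check of the edited settings file, as an added example that is not part of the original page or the product: it flags a file readable beyond its owner (the file holds the bind password as shown in the examples above), a bind account that looks privileged, a weak bind password and port 389. The function names, the naming heuristic, the password policy and the <settings> wrapper element in the constructed sample are assumptions; only the element names come from this page.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

REQUIRED = ("host", "port", "bindDn", "password", "searchBase")
PRIVILEGED_HINTS = ("admin", "root")      # naming heuristic (assumption)
WEAK_PASSWORDS = {"123456", "password"}   # constructed short list
MIN_PASSWORD_LEN = 12                     # assumed local policy

def audit_settings(path):
    """Return findings for the <AD>/<LDAPGeneric> sections of a settings file."""
    findings = []
    # The file carries the bind password in clear text: owner-only access.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file: accessible to group or others")
    for section in ET.parse(path).getroot().iter():
        if section.tag not in ("AD", "LDAPGeneric"):
            continue
        values = {k: (section.findtext(k) or "").strip() for k in REQUIRED}
        findings += [f"{section.tag}: <{k}> missing or empty"
                     for k, v in values.items() if not v]
        if any(h in values["bindDn"].lower() for h in PRIVILEGED_HINTS):
            findings.append(f"{section.tag}: bindDn looks privileged")
        pw = values["password"]
        if pw and (pw in WEAK_PASSWORDS or len(pw) < MIN_PASSWORD_LEN):
            findings.append(f"{section.tag}: weak bind password")
        if values["port"] == "389":
            findings.append(f"{section.tag}: port 389, confirm <connectionType> is encrypted")
    return findings

def audit_text(xml_text, mode):
    """Write xml_text to a temporary file with the given mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as f:
        f.write(xml_text)
    try:
        os.chmod(f.name, mode)
        return audit_settings(f.name)
    finally:
        os.unlink(f.name)

# Constructed sample; the <settings> wrapper element is an assumption.
SAMPLE = """<settings><LDAPGeneric>
  <host>192.0.2.10</host><port>389</port>
  <bindDn>cn=admin,dc=site</bindDn><password>123456</password>
  <searchBase>dc=site</searchBase>
</LDAPGeneric></settings>"""

if __name__ == "__main__":
    print("\n".join(audit_text(SAMPLE, 0o644)))
```

Run it against the exported file before the --set-settings step; a section that is present but unused is reported as having empty fields.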